Netgate Discussion Forum

Is there a way to FORWARD local client IP address, instead of the proxy IP?

  • elcid, last edited Feb 20, 2017, 11:58 PM

    To be more descriptive.

    When I am looking at some logs, the proxy IP address appears as the source; I would like to see the clients' IP addresses instead.

    I am currently not NATing with the pfSense firewall; I have SquidGuard and Squid set up as a transparent proxy.

    Is this possible with the proxy in place?

    Thanks everyone!

    • elcid, last edited Feb 21, 2017, 6:11 PM

      I guess not? :(

      :'(

      • doktornotor (Banned), last edited Feb 21, 2017, 6:26 PM

        You mean like the X-Forwarded-For header, or?

        • elcid, last edited Feb 22, 2017, 4:46 AM

          Hello,

          I am not sure what the terminology would be; what I need to know is if there's a way to allow the IPs of the clients behind the proxy to be seen and logged individually by other tools located in the LAN.

          What I am seeing now is that, for clients that are using the proxy, their LAN IPs are hidden as they are behind the proxy server. So all connection logs etc. appear to be coming from the proxy, which is understandable.

          • doktornotor (Banned), last edited Feb 22, 2017, 8:13 AM

            Yes, you'd need to add the header (General - X-Forwarded Header Mode) and log those headers on the server.

            • elcid, last edited Feb 22, 2017, 6:17 PM

              Doktornotor:

              First, let me once again say many thanks. People like you make learning and working with Linux software fun!

              I checked my squid.conf file:

              # Allow local network(s) on interface(s)
              acl localnet src 192.168.0/24
              forwarded_for on

              From what I can see above, the forward_on is already set in place. It's enabled. Yet, when clients are browsing the internet, the logs are not showing in Snort/Security Onion as the client IP but as the proxy server IP address.

              In the same proxy.conf configuration, I found this entry:

              icap_send_client_ip on

              which is also on as per default configuration.

              I am guessing I am missing this part:

              "and log those headers on the server": this is the part I am a tad confused about, but I am definitely searching. I am trying to view info in my Snort/Security Onion logs.

              Once again thanks Dok!

              • doktornotor (Banned), last edited Feb 22, 2017, 6:40 PM

                No, Snort does not look at X-Forwarded-For headers. Those are useful for webservers. There is no such thing available, frankly. icap_send_client_ip will add X-Client-IP header. These do NOT rewrite the source IP in the packets, this is L7 stuff.

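What "log those headers on the server" can look like in the application that receives the proxied request, as an added example that is not part of the original thread: it picks the address to log from the TCP peer and the X-Forwarded-For value, honouring the header only when the connection comes from the known proxy, since any client can send that header. The proxy address 192.168.0.1, the function names and the sample requests are constructed assumptions.

```python
import ipaddress

# Assumption: the Squid box's LAN address; not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to log for a request.

    peer       -- source IP of the TCP connection (what Snort also sees)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    addr = ipaddress.ip_address(peer)
    # Anyone can send X-Forwarded-For; believe it only from our proxy.
    if not xff_header or not _is_trusted(addr):
        return str(addr)
    # Each proxy appends the address it saw, so walk right to left and
    # stop at the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            hop_addr = ipaddress.ip_address(hop)
        except ValueError:
            # "unknown" or garbage: keep the last address we verified.
            break
        addr = hop_addr
        if not _is_trusted(addr):
            break
    return str(addr)


# Constructed sample requests: (TCP peer, X-Forwarded-For value).
SAMPLES = [
    ("192.168.0.1", "192.168.0.57"),            # client behind Squid
    ("192.168.0.1", "10.9.9.9, 192.168.0.57"),  # client pre-set a fake entry
    ("192.168.0.1", "unknown"),                 # Squid with forwarded_for off
    ("203.0.113.8", "192.168.0.57"),            # header from an untrusted peer
    ("192.168.0.1", None),                      # header missing
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(f"peer={peer:<13} xff={xff!r:<26} log_as={client_ip(peer, xff)}")
```

This runs at layer 7 in whatever receives the HTTP request; packet-level tools on the LAN still see the proxy address as the source, as the last post says.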